BUG#34788 - malformed federated connection url is not handled

            correctly - crashes server !

Creating federated table with connect string containing empty
(zero-length) host name and port is evaluated as 0 (port is
incorrect, omitted or 0) crashes server.

This happens because federated calls strcmp() with NULL pointer.

Fixed by avoiding strcmp() call if hostname is set to NULL.
parent 70ca2ae2
...@@ -2069,6 +2069,8 @@ a b ...@@ -2069,6 +2069,8 @@ a b
1 1 1 1
DROP TABLE t1; DROP TABLE t1;
DROP TABLE t1; DROP TABLE t1;
CREATE TABLE t1 (a INT) ENGINE=federated CONNECTION='mysql://@:://';
DROP TABLE t1;
DROP TABLE IF EXISTS federated.t1; DROP TABLE IF EXISTS federated.t1;
DROP DATABASE IF EXISTS federated; DROP DATABASE IF EXISTS federated;
DROP TABLE IF EXISTS federated.t1; DROP TABLE IF EXISTS federated.t1;
......
...@@ -1738,4 +1738,11 @@ DROP TABLE t1; ...@@ -1738,4 +1738,11 @@ DROP TABLE t1;
connection slave; connection slave;
DROP TABLE t1; DROP TABLE t1;
#
# BUG#34788 - malformed federated connection url is not handled correctly -
# crashes server !
#
CREATE TABLE t1 (a INT) ENGINE=federated CONNECTION='mysql://@:://';
DROP TABLE t1;
source include/federated_cleanup.inc; source include/federated_cleanup.inc;
...@@ -643,12 +643,19 @@ static int parse_url(FEDERATED_SHARE *share, TABLE *table, ...@@ -643,12 +643,19 @@ static int parse_url(FEDERATED_SHARE *share, TABLE *table,
if ((strchr(share->table_name, '/'))) if ((strchr(share->table_name, '/')))
goto error; goto error;
/*
If hostname is omitted, we set it to NULL. According to
mysql_real_connect() manual:
The value of host may be either a hostname or an IP address.
If host is NULL or the string "localhost", a connection to the
local host is assumed.
*/
if (share->hostname[0] == '\0') if (share->hostname[0] == '\0')
share->hostname= NULL; share->hostname= NULL;
if (!share->port) if (!share->port)
{ {
if (strcmp(share->hostname, my_localhost) == 0) if (!share->hostname || strcmp(share->hostname, my_localhost) == 0)
share->socket= my_strdup(MYSQL_UNIX_ADDR, MYF(0)); share->socket= my_strdup(MYSQL_UNIX_ADDR, MYF(0));
else else
share->port= MYSQL_PORT; share->port= MYSQL_PORT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment